SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

Prominent spyware firm SpyX breached, exposing Apple users

Yesterday

A prominent spyware operation, known as SpyX, reportedly suffered a data breach last year impacting nearly two million individuals, including thousands of Apple users.

Cybersecurity specialists have weighed in on the implications of the breach and the subsequent actions, or lack thereof, by SpyX.

Javvad Malik, Lead Security Awareness Advocate at KnowBe4, pointed out, "The irony of an entity purporting to offer surveillance capabilities itself falling prey to a breach is not lost with this one."

"However, this breach not only exposes the victims to further risks but starkly highlights the inherent vulnerabilities within these spyware operations. The fact that a large number of Apple users were impacted is a reminder that while some technologies are more robust than others, no platform is invulnerable to being breached."

"Beyond the breach, the apparent inaction and silence by SpyX showcases a lack of responsibility."

Paul Bischoff, Consumer Privacy Advocate at Comparitech, criticised SpyX's failure to comply with data breach laws, stating, "By law, companies must report breaches like this to the authorities."

"SpyX is a UK-based company, and the UK has strict breach disclosure laws. SpyX appears to be in violation of those laws by knowingly not reporting a major breach. SpyX does business in the US, which also has breach disclosure laws. SpyX's failure to report the breach is negligent and puts Apple users at risk, but it's not surprising given the app's shady business model."

Chris Hauk, Consumer Privacy Champion at Pixel Privacy, expressed similar concerns about the lack of notification: "It is inexcusable for a firm to experience a data breach and not notify the authorities and the affected parties."

"While normally I would applaud a stalkery firm like this being hit with hack attacks, data breaches like this one put millions of users at risk, possibly leaving Apple users open to being hacked on iCloud. Both UK and US laws require reporting of breaches like this, meaning SpyX could be subject to penalties from both countries."

Hauk further advised affected users: "iCloud users who have used SpyX should immediately visit the Have I Been Pwned website and enter their e-mail address(es) to determine whether their information was exposed in the breach."
